openapi-generator

SUSPICIOUS. The skill is not overtly malicious and uses a legitimate npm-distributed CLI from the apparent publisher ecosystem, but its actual footprint centers on the Membrane platform rather than the official OpenAPI Generator CLI. The main risk is third-party credential and request mediation through Membrane’s connection/proxy model, which is broader and less direct than the skill name implies.